Thursday, April 28, 2016

Login screens need to move forward.

Whether it's 5 minutes to kill or the last 2 minutes until nuclear meltdown, we've all been stonewalled by logins. Everything requires an account now, and some these are completely useless. Pinterest is a prime example: you need an account just to browse pictures and other peoples' hobbies. Rullly? On the other hand, I'm glad my financial sites check the IP I logged in with and ask security questions. My main gripe is some of the unnecessary stress that passwords cause us.

My Outlook box at work demands I change my password every 3 months. I can understand executives wanting this feature, but when most of the company uses email in place of chat (to discuss team projects and customer orders,) the information just doesn't need that level of protection. As a matter of fact, between sick days and high turnover in the entry-level positions, a team having to wait for one person to get his or her password right could be a problem. For me, frequently changing passwords often causes the ohh shit, I need to check something before I need to go home, and forgot my password situation. This leads me to my password retrieval gripe.

Digging up or fixing your forgotten password is a nightmare. After your 3 failed attempts because you logged in standing up and your wrist was resting on CTRL, what's the next step? Call IT, which is already closed for the day.

Some sites will ask your security questions and personal info before either resetting the password, or triggering a reset password email. That is a good thing. Attention companies: automating password retrieval is the way to go! Having to call someone to get a password for your login is silly, unless you work somewhere with incredibly important data. However, even those places have the James Bond random number generator key chain thinggies that make the password reset call unnecessary.

This site gets it!
Also, I recently got burned for not knowing whether I had an account or not. I was applying for a new position within my company, and forgot my password. Now, I have 10 memorized passwords, which is probably more than the average Joe, but still less variety than I should. Anyway, I used the forgot password link, entered one of my 3 emails, and was rewarded with this.

Seriously, fuck off. If? I'd done this with 30 minutes before I had to head to work, and waited around like an asshole to know whether or not I'd already created an account under that particular email. I don't know if that's more or less infuriating than that 5-minute wait for the password reset email when you actually do have an account.

No one has screwed me over as much as Microsoft, though. My hotmail account was hacked 10 years ago, and there's no tech support number to call - in fact, someone took notice of this and posted a number as a Google result. I got halfway into the call when someone with an accent asked me for $69 and a credit card number. Bless that guy and fuck Microsoft for not having a normal retrieval process. They have a list of about 50 security questions to answer, with your personal information and even a open answer part with "some of the last subjects your emails were about." In theory, this is genius, but if someone hijacked your account and sent out 100 emails, then whatever you guess isn't going to work. And surprise! It didn't. Instead, some clever thief capitalized on Microsoft's inability to satisfy a common issue.

As much as I rail on Apple, I'm really glad that they've tied most of your logins to when you unlock your phone. Most of the frivolously protected sites/apps with logins being opened with a swipe works juuuuust fine.

I'm not saying get rid of logins altogether, and I'm not calling for sci-fi eye scanners on every device, but some companies need to realize just how much a pain in the ass their accounts are to access.

No comments:

I am one of those people that uses the word  perfect subjectively. I think something is perfect if it does what it's intended to do ...